Started adding /json/artifact tickets support, but grokking tkt.c is more than i am up for tonight. Changed how permissions checks are done under /json/artifact (previous approach is just plain silly without C++ templates)
check-in: cee8bc67 user: stephan tags: json-multitag-test, json

Revert the previous change after thinking more about it. Login cards in the sync protocol have the following format: login userid nonce signature Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this particular packet due to nonce. However, as nonce is known to the attacker, it's theoretically possible for them to bruteforce the shared secret_offline_. The whole scenario sounds highly improbable, but using constant-time comparison function for such things by default is a good practice.
check-in: 13a9a124 user: dmitry tags: dmitry-security

Disabling Cache-control: no-store, as it made firefox forget about form field
contents on back/forward in history. Resolution achieved by a minimal consensus at
this thread on
the mailing list.
check-in: 3fac77d7 user: viriketo tags: trunk

Started refactoring some of the timeline/artifact components into reusable parts. Comment edited only to test json responses which differentiate between pristine and edited commits.
check-in: b1f92572 user: stephan tags: json-multitag-test, json

minor jsonp tweaks. Added some test code for it in the demo app, but there is still some jsonp disconnect between the two AJAJ layers, and i may need to consolidate them to work around it.
check-in: f48b687a user: stephan tags: json

Added /json/rebuild. Is likely to fail w/ an AJAX timeout for large repos, which will probably cause the rebuild to roll back on the next open :/. Takes 21sec on my 32-bit netbook to rebuild the fossil repo.
check-in: 071de8f1 user: stephan tags: json

Added my AJAX test code after accidentally deleting my local copy (thank goodness the test server still had a copy). See the README if you want to set it up locally under apache.
check-in: c6c5ad13 user: stephan tags: json

Refactored prepareBranchStatement() to simplify its usage, get rid of ambiguous arg handling, and allow the caller to specify the priority of the all-vs-closed-vs-opened decision. Made it non-static and renamed to branch_prepare_statement() for re-use in /json/branch/list.
check-in: 5a81a5ea user: stephan tags: json

Started adding /json/timeline support, but this is gonna be a doozie. Breaking it down into separate calls for ci/wiki/ticket, e.g. /json/timeline/ci because the structures will be different for each.
check-in: eff3f7d9 user: stephan tags: json

Refactored page/command callback to take on argument to simplify certain dispatching ops. json_getenv() now falls back to getenv() if neither the POST data nor cgi_parameter() contains the requested value, but this is basically a workaround for my current inability to add --opt support in CLI mode (due to how HTTP/CLI command handling is consolidated).
check-in: 206908fa user: stephan tags: json

Factored out cson_cgi bits - now using fossil's CGI bits. Removed cson_cgi from cson_amalgamation (cuts its size considerably). Seems to still work, and this removes some discrepancies in how CGI/server modes are handled.
check-in: 4cf96814 user: stephan tags: json

worked around a weird cgi_parameter() bug. We are now not processing the name/password params with the precedence i would like, but it works now in server/cgi modes with GET and POST.
check-in: b0885e86 user: stephan tags: json

Begin streamline the online documentation to:
• always include a short overview of the options supported by a given command, alphabetically sorted
• reference similar/related commands with a final See also: section
• Use ?x? for optional arguments
• collapse supported options into ?OPTIONS?
This is commit #1/n.
check-in: 3fbf8caa user: martin.weber tags: msw-docco

Introduce new file_wd_* functions that use stat() or lstat() depending on 'allow-symlinks' setting, and use them when dealing with files inside the working directory. Make file_* functions always use stat() as before merging symlink support. Fix renaming of symlinks when merging (via new function symlink_copy()). Rename create_symlink() to symlink_create().
check-in: 8a0c5469 user: dmitry tags: symlinks